diff options
| -rw-r--r-- | .github/workflows/cleanup-mirror-pr-branch.yml | 1 | ||||
| -rw-r--r-- | .github/workflows/mirror-pr-and-sync.yml | 26 | ||||
| -rw-r--r-- | .github/workflows/repo-sync.yml | 17 | ||||
| -rw-r--r-- | .github/workflows/trigger-pr-mirror-repo-sync.yml | 1 | ||||
| -rw-r--r-- | CODEOWNERS | 2 | ||||
| -rw-r--r-- | docker/Dockerfile | 1 | ||||
| -rw-r--r-- | scripts/package-build/hsflowd/package.toml | 4 | ||||
| -rw-r--r-- | scripts/package-build/keepalived/package.toml | 2 | ||||
| -rw-r--r-- | scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch | 129 | ||||
| -rw-r--r-- | scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig | 4 | ||||
| -rw-r--r-- | scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig | 4 |
11 files changed, 39 insertions, 152 deletions
diff --git a/.github/workflows/cleanup-mirror-pr-branch.yml b/.github/workflows/cleanup-mirror-pr-branch.yml index bbe6aa2f..a62e44b2 100644 --- a/.github/workflows/cleanup-mirror-pr-branch.yml +++ b/.github/workflows/cleanup-mirror-pr-branch.yml @@ -11,5 +11,6 @@ permissions: jobs: call-delete-branch: + if: github.repository_owner != 'vyos' uses: vyos/.github/.github/workflows/cleanup-mirror-pr-branch.yml@current secrets: inherit diff --git a/.github/workflows/mirror-pr-and-sync.yml b/.github/workflows/mirror-pr-and-sync.yml new file mode 100644 index 00000000..48a67a43 --- /dev/null +++ b/.github/workflows/mirror-pr-and-sync.yml @@ -0,0 +1,26 @@ +name: Create Mirror PR and Repo Sync +on: + workflow_dispatch: + inputs: + pr_number: + description: 'Source repo PR Number' + required: true + type: string + sync_branch: + description: 'branch to sync' + required: true + type: string + +permissions: + pull-requests: write + contents: write + +jobs: + call-mirror-pr-and-sync: + if: github.repository_owner != 'vyos' + uses: VyOS-Networks/vyos-reusable-workflows/.github/workflows/mirror-pr-and-sync.yml@main + with: + pr_number: ${{ inputs.pr_number }} + sync_branch: ${{ inputs.sync_branch }} + secrets: + PAT: ${{ secrets.PAT }} diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml deleted file mode 100644 index 6da2fb40..00000000 --- a/.github/workflows/repo-sync.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Repo-sync - -on: - pull_request_target: - types: - - closed - branches: - - current - workflow_dispatch: - -jobs: - trigger-sync: - uses: vyos/.github/.github/workflows/trigger-repo-sync.yml@current - secrets: - REMOTE_REPO: ${{ secrets.REMOTE_REPO }} - REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} - PAT: ${{ secrets.PAT }} diff --git a/.github/workflows/trigger-pr-mirror-repo-sync.yml b/.github/workflows/trigger-pr-mirror-repo-sync.yml index d5e8ce3b..f7489598 100644 --- a/.github/workflows/trigger-pr-mirror-repo-sync.yml +++ b/.github/workflows/trigger-pr-mirror-repo-sync.yml @@ -8,5 +8,6 @@ on: jobs: call-trigger-mirror-pr-repo-sync: + if: github.repository_owner == 'vyos' && github.event.pull_request.merged == true uses: vyos/.github/.github/workflows/trigger-pr-mirror-repo-sync.yml@current secrets: inherit @@ -1,2 +1,2 @@ # Users from reviewers github team -* @dmbaturin @sarthurdev @jestabro @sever-sever @c-po +* @vyos/reviewers diff --git a/docker/Dockerfile b/docker/Dockerfile index a638a438..cbedc4c0 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -108,6 +108,7 @@ RUN apt-get update && apt-get install -y \ debootstrap \ live-build \ gdisk \ + sbsigntool \ dosfstools # Packages for TPM test diff --git a/scripts/package-build/hsflowd/package.toml b/scripts/package-build/hsflowd/package.toml index 05ec13fe..823b0db3 100644 --- a/scripts/package-build/hsflowd/package.toml +++ b/scripts/package-build/hsflowd/package.toml @@ -1,8 +1,8 @@ [[packages]] name = "host-sflow" -commit_id = "v2.0.55-1" +commit_id = "v2.1.11-5" scm_url = "https://github.com/sflow/host-sflow.git" -build_cmd = "make deb FEATURES='PCAP DROPMON DBUS PSAMPLE'" +build_cmd = "make deb FEATURES='PCAP DROPMON DBUS PSAMPLE VPP'" [dependencies] packages = ["libpcap0.8-dev"] diff --git a/scripts/package-build/keepalived/package.toml b/scripts/package-build/keepalived/package.toml index ad1008e6..3f5ec071 100644 --- a/scripts/package-build/keepalived/package.toml +++ b/scripts/package-build/keepalived/package.toml @@ -1,4 +1,4 @@ [[packages]] name = "keepalived" -commit_id = "debian/1%2.2.8-1" +commit_id = "debian/1%2.3.2-1" scm_url = "https://salsa.debian.org/debian/pkg-keepalived.git" diff --git a/scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch b/scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch deleted file mode 100644 index b099dc7b..00000000 --- a/scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch +++ /dev/null @@ -1,129 +0,0 @@ -From af4aa758c3512bec8233549e138b03741c5404f9 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage <quentin@armitage.org.uk> -Date: Sat, 14 Oct 2023 15:37:19 +0100 -Subject: [PATCH] vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs - -Setting arp_ignore to 1 ensures that the VMAC interface does not respond -to ARP requests for IPv4 addresses not configured on the VMAC. - -Signed-off-by: Quentin Armitage <quentin@armitage.org.uk> ---- - keepalived/include/vrrp_if_config.h | 2 +- - keepalived/vrrp/vrrp_if_config.c | 28 ++++++++++++++++++++-------- - keepalived/vrrp/vrrp_vmac.c | 5 ++--- - 3 files changed, 23 insertions(+), 12 deletions(-) - -diff --git a/keepalived/include/vrrp_if_config.h b/keepalived/include/vrrp_if_config.h -index 35465cd..c35e56e 100644 ---- a/keepalived/include/vrrp_if_config.h -+++ b/keepalived/include/vrrp_if_config.h -@@ -34,7 +34,7 @@ extern void set_promote_secondaries(interface_t*); - extern void reset_promote_secondaries(interface_t*); - #ifdef _HAVE_VRRP_VMAC_ - extern void restore_rp_filter(void); --extern void set_interface_parameters(const interface_t*, interface_t*); -+extern void set_interface_parameters(const interface_t*, interface_t*, sa_family_t); - extern void reset_interface_parameters(interface_t*); - extern void link_set_ipv6(const interface_t*, bool); - #endif -diff --git a/keepalived/vrrp/vrrp_if_config.c b/keepalived/vrrp/vrrp_if_config.c -index cfce7e2..fbfd34c 100644 ---- a/keepalived/vrrp/vrrp_if_config.c -+++ b/keepalived/vrrp/vrrp_if_config.c -@@ -81,6 +81,11 @@ static sysctl_opts_t vmac_sysctl[] = { - { 0, 0} - }; - -+static sysctl_opts_t vmac_sysctl_6[] = { -+ { IPV4_DEVCONF_ARP_IGNORE, 1 }, -+ { 0, 0} -+}; -+ - #endif - #endif - -@@ -216,11 +221,14 @@ netlink_set_interface_flags(unsigned ifindex, const sysctl_opts_t *sys_opts) - - #ifdef _HAVE_VRRP_VMAC_ - static inline int --netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_flags(ifp->ifindex, vmac_sysctl)) -+ if (netlink_set_interface_flags(ifp->ifindex, family == AF_INET6 ? vmac_sysctl_6 : vmac_sysctl)) - return -1; - -+ if (family == AF_INET6) -+ return 0; -+ - /* If the underlying interface is a MACVLAN that has been moved into - * a separate network namespace from the parent, we can't access the - * parent. */ -@@ -271,9 +279,9 @@ netlink_reset_interface_parameters(const interface_t* ifp) - } - - static inline void --set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_parameters(ifp, base_ifp)) -+ if (netlink_set_interface_parameters(ifp, base_ifp, family)) - log_message(LOG_INFO, "Unable to set parameters for %s", ifp->ifname); - } - -@@ -310,11 +318,15 @@ reset_promote_secondaries_devconf(interface_t *ifp) - - #ifdef _HAVE_VRRP_VMAC_ - static inline void --set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - unsigned val; - - set_sysctl("net/ipv4/conf", ifp->ifname, "arp_ignore", 1); -+ -+ if (family == AF_INET6) -+ return; -+ - set_sysctl("net/ipv4/conf", ifp->ifname, "accept_local", 1); - set_sysctl("net/ipv4/conf", ifp->ifname, "rp_filter", 0); - -@@ -524,15 +536,15 @@ restore_rp_filter(void) - } - - void --set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - if (all_rp_filter == UINT_MAX) - clear_rp_filter(); - - #ifdef _HAVE_IPV4_DEVCONF_ -- set_interface_parameters_devconf(ifp, base_ifp); -+ set_interface_parameters_devconf(ifp, base_ifp, family); - #else -- set_interface_parameters_sysctl(ifp, base_ifp); -+ set_interface_parameters_sysctl(ifp, base_ifp, family); - #endif - } - -diff --git a/keepalived/vrrp/vrrp_vmac.c b/keepalived/vrrp/vrrp_vmac.c -index e5ff0e9..021953a 100644 ---- a/keepalived/vrrp/vrrp_vmac.c -+++ b/keepalived/vrrp/vrrp_vmac.c -@@ -407,10 +407,9 @@ netlink_link_add_vmac(vrrp_t *vrrp, const interface_t *old_interface) - if (!ifp->ifindex) - return false; - -- if (vrrp->family == AF_INET && create_interface) { -+ if (create_interface) { - /* Set the necessary kernel parameters to make macvlans work for us */ --// If this saves current base_ifp's settings, we need to be careful if multiple VMACs on same i/f -- set_interface_parameters(ifp, ifp->base_ifp); -+ set_interface_parameters(ifp, ifp->base_ifp, vrrp->family); - } - - #ifdef _WITH_FIREWALL_ --- -2.34.1 - diff --git a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig index 9592b39b..fe174f63 100644 --- a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig @@ -5362,7 +5362,9 @@ CONFIG_VIRTIO_MEM=m CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_MMIO=m CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y -# CONFIG_VDPA is not set +CONFIG_VIRTIO_VDPA=m +CONFIG_VDPA=m +CONFIG_VHOST_VDPA=m CONFIG_VHOST_IOTLB=m CONFIG_VHOST_TASK=y CONFIG_VHOST=m diff --git a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig index f33cde92..124c9aa8 100644 --- a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig @@ -5028,7 +5028,9 @@ CONFIG_VIRTIO_BALLOON=m CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_MMIO=m CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y -# CONFIG_VDPA is not set +CONFIG_VIRTIO_VDPA=m +CONFIG_VDPA=m +CONFIG_VHOST_VDPA=m CONFIG_VHOST_IOTLB=m CONFIG_VHOST_TASK=y CONFIG_VHOST=m |